Export limit exceeded: 12109 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12109 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-56406 | 2 Neo4j, Neo4j-contrib | 2 Neo4j, Mcp-neo4j | 2026-04-15 | 7.5 High |
| An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local environment where authentication realistically would not be needed. Also, the Supplier provides middleware to help isolate the MCP server from external access (if needed). | ||||
| CVE-2024-5204 | 2 Boomdevs, Wordpress | 2 Swiss Toolkit, Wordpress | 2026-04-15 | 8.8 High |
| The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with contributor-level and above permissions to log in as any existing user on the site, such as an administrator. | ||||
| CVE-2024-50341 | 1 Symfony | 1 Symfony | 2026-04-15 | 3.1 Low |
| symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the `Security::login` method now ensure to call the configured `user_checker`. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-46941 | 2026-04-15 | N/A | ||
| SystemUI has an incorrect component protection setting, which allows access to specific information. | ||||
| CVE-2024-8509 | 1 Redhat | 1 Migration Toolkit Virtualization | 2026-04-15 | 7.5 High |
| A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response with the requested information. | ||||
| CVE-2025-31486 | 1 Vitejs | 1 Vite | 2026-04-15 | 5.3 Medium |
| Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest: script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than build.assetsInlineLimit (default: 4kB) and when using Vite 6.0+. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 4.5.12, 5.4.17, 6.0.14, 6.1.4, and 6.2.5. | ||||
| CVE-2024-5201 | 2026-04-15 | 8.8 High | ||
| Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request | ||||
| CVE-2025-20131 | 1 Cisco | 1 Identity Services Engine Software | 2026-04-15 | 4.9 Medium |
| A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload using the Cisco ISE GUI. A successful exploit could allow the attacker to upload arbitrary files to an affected system. | ||||
| CVE-2025-20100 | 2026-04-15 | 7.5 High | ||
| Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-11030 | 1 Tutorials-website | 1 Employee Management System | 2026-04-15 | 7.3 High |
| A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. | ||||
| CVE-2025-20099 | 1 Intel | 1 Rapid Storage Technology | 2026-04-15 | 6.7 Medium |
| Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20083 | 2026-04-15 | 7.5 High | ||
| Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20076 | 2026-04-15 | 5 Medium | ||
| Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2024-51997 | 1 Confidential-containers | 1 Trustee | 2026-04-15 | 8.1 High |
| Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by MITM attacker, but the verifier (CoCo Verification Demander like KBS) could still verify it successfully. In the payload of ART token, the ‘jwk’ could be replaced by attacker with his own pub key. Then attacker can use his own corresponding private key to sign the crafted ART token. Based on current code implementation (v0.8.0), such replacement and modification can not be detected. This issue has been addressed in version 0.8.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-49564 | 1 Nokia | 2 Cbis, Ncs | 2026-04-15 | 8.8 High |
| The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine. The risk can be partially mitigated by restricting access to the management network using external firewall. | ||||
| CVE-2025-31512 | 2026-04-15 | 7.3 High | ||
| An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval via isAddedByApprover in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version equal to or greater than one of the following build numbers: 4.1.12.2.1.19, 4.1.12.5.2.36, 4.1.13.0.60, 4.1.13.2.0.3.39, 4.1.13.2.0.3.41, 4.1.13.2.42, 4.1.13.2.25.44, 4.1.14.0.13, 4.1.14.0.43, 4.1.14.0.48, and 4.1.14.1.5.32. | ||||
| CVE-2024-11186 | 2026-04-15 | 10 Critical | ||
| On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service. | ||||
| CVE-2025-10992 | 1 Roncoo | 1 Roncoo-pay | 2026-04-15 | 5.3 Medium |
| A vulnerability was determined in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. Affected is an unknown function of the file /user/info/lookupList. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-43101 | 2026-04-15 | 5.3 Medium | ||
| Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-12430 | 2026-04-15 | 7 High | ||
| An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by root user. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. | ||||